The Intercept identified eight facilities across the U.S. that function as hubs for AT&T’s efforts to collaborate with the intelligence agency. The site first identified one potential hub of this kind in 2017 in lower Manhattan.
The report reveals that eight AT&T data facilities in the U.S. are regarded are high value sites to the NSA for giving the agency direct “backbone” access to raw data that passes through, including emails, web browsing, social media and any other form of unencrypted online activity. The NSA uses the web of eight AT&T hubs for a surveillance operation code named FAIRVIEW, a program previously reported by the New York Times. The program, first established in 1985, “involves tapping into international telecommunications cables, routers, and switches” and only coordinates directly with AT&T and not the other major U.S. mobile carriers.
AT&T’s deep involvement with the NSA monitoring program operated under the codename SAGUARO. Messaging, email and other web traffic accessed through the program was made searchable through XKEYSCORE, one of the NSA’s more infamous search-powered surveillance tools.
The Intercept explains how those sites give the NSA access to data beyond just AT&T subscribers:
“The data exchange between AT&T and other networks initially takes place outside AT&T’s control, sources said, at third-party data centers that are owned and operated by companies such as California’s Equinix. But the data is then routed – in whole or in part – through the eight AT&T buildings, where the NSA taps into it. By monitoring what it calls the ‘peering circuits’ at the eight sites, the spy agency can collect ‘not only AT&T’s data, they get all the data that’s interchanged between AT&T’s network and other companies,’ according to Mark Klein, a former AT&T technician who worked with the company for 22 years.”
The NSA describes these locations as “peering link router complex” sites while AT&T calls them “Service Node Routing Complexes” (SNRCs). The eight complexes are spread across the nation’s major cities with locations in Chicago, Dallas, Atlanta, Los Angeles, New York City, San Francisco, Seattle, and Washington, D.C. The Intercept report identifies these facilities:
“Among the pinpointed buildings, there is a nuclear blast-resistant, windowless facility in New York City’s Hell’s Kitchen neighborhood; in Washington, D.C., a fortress-like, concrete structure less than half a mile south of the U.S. Capitol; in Chicago, an earthquake-resistant skyscraper in the West Loop Gate area; in Atlanta, a 429-foot art deco structure in the heart of the city’s downtown district; and in Dallas, a cube-like building with narrow windows and large vents on its exterior, located in the Old East district.
… in downtown Los Angeles, a striking concrete tower near the Walt Disney Concert Hall and the Staples Center, two blocks from the most important internet exchange in the region; in Seattle, a 15-story building with blacked-out windows and reinforced concrete foundations, near the city’s waterfront; and in San Francisco’s South of Market neighborhood, a building where it was previously claimed that the NSA was monitoring internet traffic from a secure room on the sixth floor.”
While these facilities could allow for the monitoring of domestic U.S. traffic, they also process vast quantities of international traffic as it moves across the globe — a fact that likely explains why the NSA would view these AT&T nodes as such high value sites. The original documents, part of the leaked files provided by Edward Snowden, are available in the original report.